On 11/3/14 6:48 pm, Justin Edmands wrote:
> The current rules all read * for the Gateway. Do all of my current LAN,
> OpenVPN, and IPSec rules need to be altered to include the Gateway as the
> new Failover1 rule?

Those that rely on the WANs, yes. Rules to allow traffic to pass between
your VPNs and LANs do not need the gateway to be changed. It's worth
noting that incoming rules (i.e. WAN rules) should not have their
gateway changed either.

> Do I need to clone each and every rule to have:
> rule 1 of 2 say WAN_FailoverGroup1
> -and-
> rule 2 of 2 say WAN_FailoverGroup2

No - you don't want two copies of each rule. Assuming you've two
connections: WAN1 and WAN2, you'd define a single gateway group - let's
call it 'Failover1to2' for example. WAN1 would be Tier 1 and WAN2 would
be Tier 2. You would then modify each outbound traffic rule to use
'Failover1to2' as the gateway.

If both connections are similar speed/performance, you might want to do
a little policy-based routing. You could define a second gateway group
'Failover2to1' which reverses the tiers. This might be useful for
traffic you want to keep off your 'main' WAN connection (I use this to
send SIP and SSH traffic over the second WAN here, so that performance
doesn't suffer when the primary connection is heavily loaded).

Kind regards,
Chris
--
This email is made from 100% recycled electrons